Exploring HIPAA and HITECH Act Definitions: Part 11

From now through November, HIPAA.com is providing a run through of HIPAA transaction & code set, privacy, and security definitions, along with relevant HITECH Act definitions pertaining to breach notification, securing of protected health information, and electronic health record (EHR) standards development and adoption. These definitions are key to understanding the referenced HIPAA and HITECH Act enabling regulations that are effective now and that will require compliance by covered entities and business associates now or in the months ahead, as indicated in HIPAA.com’s timeline. Each posting will contain three definitions, with a date reference to the Federal Register, Code of Federal Regulations (CFR), or statute, as appropriate. Exploring HIPAA and…

READ MORE

Six Primary Goals of the HITECH Breach Notification Requirement

The first part of the HITECH Act is called “Improved Privacy Provisions and Security Provisions”. Section 13402 is the section that starts the discussion of privacy and security and is titled “Notification in case of breach”. This section accomplishes the following: Identifies who this section applies to: Covered Entities and Business Associates. Defines the time frame as to when breaches should be reported to individuals, and depending on severity, mass media, and the Department of Health and Human Services (HHS). The type of information that must appear in the notification letters. Definition of Unsecured Protected Health Information. Note that the HITECH Act delegated the final definition to the HHS vis…

READ MORE

Exploring HIPAA and HITECH Act Definitions: Part 10

From now through November, HIPAA.com is providing a run through of HIPAA transaction & code set, privacy, and security definitions, along with relevant HITECH Act definitions pertaining to breach notification, securing of protected health information, and electronic health record (EHR) standards development and adoption. These definitions are key to understanding the referenced HIPAA and HITECH Act enabling regulations that are effective now and that will require compliance by covered entities and business associates now or in the months ahead, as indicated in HIPAA.com’s timeline. In this posting we highlight the last two definitions from the following HITECH Act section: Exploring HIPAA and HITECH Act Definitions:  Parts 6-10, include definitions from:…

READ MORE

Exploring HIPAA and HITECH Act Definitions: Part 9

From now through November, HIPAA.com is providing a run through of HIPAA transaction & code set, privacy, and security definitions, along with relevant HITECH Act definitions pertaining to breach notification, securing of protected health information, and electronic health record (EHR) standards development and adoption. These definitions are key to understanding the referenced HIPAA and HITECH Act enabling regulations that are effective now and that will require compliance by covered entities and business associates now or in the months ahead, as indicated in HIPAA.com’s timeline. Each posting will contain three definitions, with a date reference to the Federal Register, Code of Federal Regulations (CFR), or statute, as appropriate. Exploring HIPAA and…

READ MORE

Exploring HIPAA and HITECH Act Definitions: Part 8

From now through November, HIPAA.com is providing a run through of HIPAA transaction & code set, privacy, and security definitions, along with relevant HITECH Act definitions pertaining to breach notification, securing of protected health information, and electronic health record (EHR) standards development and adoption. These definitions are key to understanding the referenced HIPAA and HITECH Act enabling regulations that are effective now and that will require compliance by covered entities and business associates now or in the months ahead, as indicated in HIPAA.com’s timeline. Each posting will contain three definitions, with a date reference to the Federal Register, Code of Federal Regulations (CFR), or statute, as appropriate. Exploring HIPAA and HITECH…

READ MORE

Exploring HIPAA and HITECH Act Definitions: Part 7

From now through November, HIPAA.com is providing a run through of HIPAA transaction & code set, privacy, and security definitions, along with relevant HITECH Act definitions pertaining to breach notification, securing of protected health information, and electronic health record (EHR) standards development and adoption. These definitions are key to understanding the referenced HIPAA and HITECH Act enabling regulations that are effective now and that will require compliance by covered entities and business associates now or in the months ahead, as indicated in HIPAA.com’s timeline. Each posting will contain three definitions, with a date reference to the Federal Register, Code of Federal Regulations (CFR), or statute, as appropriate. Exploring HIPAA and…

READ MORE

Exploring HIPAA and HITECH Act Definitions: Part 6

From now through November, HIPAA.com is providing a run through of HIPAA transaction & code set, privacy, and security definitions, along with relevant HITECH Act definitions pertaining to breach notification, securing of protected health information, and electronic health record (EHR) standards development and adoption. These definitions are key to understanding the referenced HIPAA and HITECH Act enabling regulations that are effective now and that will required compliance by covered entities and business associates now or in the months ahead, as indicated in HIPAA.com’s timeline. Each posting will contain three definitions, with a date reference to the Federal Register, Code of Federal Regulations (CFR), or statute, as appropriate. Exploring HIPAA and…

READ MORE

HHS Strengthens HIPAA Enforcement

On Friday, October 30, 2009, HHS published in the Federal Register its Interim Final Rule that strengthens HIPAA enforcement under HITECH Act civil penalty revisions enacted as part of the American Recovery and Reinvestment Act on February 17, 2009.  “These HITECH Act revisions significantly increase the penalty amounts the Secretary [of HHS] may impose for violations of the HIPAA rules and encourage prompt corrective action,” according to the HHS press release.  The Interim Final Rule is effective as federal policy on November 30, 2009, and HHS requests comments by December 29, 2009. With the definition of ‘breach’ in the HITECH Act moving privacy and security violations under one requirement requiring…

READ MORE

Three Key Properties of HIPAA Privacy and Security of Protected Health Information

HIPAA.com has received from its readers requests for information on topics related to HIPAA Administrative Simplification Privacy and Security Rules and to updates to those rules reflected in the HITECH Act provisions of the American Recovery and Reinvestment Act of 2009, signed by President Obama on February 17, 2009.  Recently, HIPAA.com answered the question of particular interest to several readers:  what exactly is protected health information (PHI)?  In this posting, we answer the question:  what are the fundamental properties that underlie privacy and security of protected health information? Three Key Properties The three key properties that underpin privacy and security under the Health Insurance Portability and Accountability Act (HIPAA) are availability,…

READ MORE

CMS Issues New and Updated HIPAA and HITECH Act FAQs: EHR Incentives

The Centers for Medicare and Medicaid Services (CMS) periodically issues new and updated Frequently Asked Questions (FAQs).  HIPAA.com will periodically reproduce new and updated Questions and Answers pertaining to HIPAA Administrative Simplification standards and implementation specifications and to HITECH Act provisions that will be of interest to its readers.  The FAQ [ID#9844] that follows is new, published by CMS on August 13, 2009. Question:  Are physicians who practice in hospital-based ambulatory clinics eligible to receive the Recovery Act’s Medicare or Medicaid electronic health record (EHR) incentive payments. Answer:  Hospital-based eligible professionals are ineligible for the EHR incentive payments under both Medicare and Medicaid.  Our [Department of Health and Human Services] forthcoming NPRM…

READ MORE